[Federal Register Volume 74, Number 227 (Friday, November 27, 2009)]
[Notices]
[Pages 62319-62327]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: E9-28328]


-----------------------------------------------------------------------

DEPARTMENT OF HEALTH AND HUMAN SERVICES

Office of the Secretary


Screening Framework Guidance for Synthetic Double-Stranded DNA 
Providers

AGENCY: Department of Health and Human Services, Office of the 
Secretary.

ACTION: Notice.

-----------------------------------------------------------------------

    Authority: Public Health Service Act, 42 U.S.C. 241, Section 
301; HSPD-10.

SUMMARY: To reduce the risk that individuals with ill intent may 
exploit the commercial application of nucleic acid synthesis technology 
to access genetic material derived from or encoding Select Agents or 
Toxins, the U.S. Government has developed recommendations for a 
framework for synthetic nucleic acid screening. This document is 
intended to provide guidance to producers of synthetic genomic products 
regarding the screening of orders so that these orders are filled in 
compliance with current U.S. regulations and to encourage best 
practices in addressing potential biosecurity concerns. Following this 
guidance is voluntary, though many specific recommendations serve to 
remind providers of their obligations under existing regulations. The 
target audience for this guidance is the gene and genome synthesis 
industry, because the technical hurdles for de novo synthesis of Select 
Agents and Toxins from double-stranded DNA are much lower than for de 
novo synthesis of these agents from single-stranded oligonucleotides. 
This guidance proposes a screening framework for commercial providers 
of synthetic double-stranded DNA 200 base pairs (bps) or greater in 
length to address concerns associated with the potential for misuse of 
their products. The framework includes customer screening and sequence 
screening, follow-up screening as necessary, and consultation with U.S. 
Government contacts, as needed.
    This guidance is submitted for public consideration and comment for 
a period of 60 days. The Office of the Assistant Secretary of 
Preparedness and Response (ASPR) within the Department of Health and 
Human Services (HHS) is submitting this document for public 
consideration as the lead agency in a broad interagency process to 
draft the guidance.

DATES: The public is encouraged to submit written comments on this 
proposed action. Comments may be submitted to HHS/ASPR in electronic or 
paper form at the HHS/ASPR e-mail address, mailing address, and fax 
number shown below under the heading FOR FURTHER INFORMATION CONTACT. 
All comments should be submitted by January 26, 2010. All written 
comments received in response to this notice will be available for 
review by request.

FOR FURTHER INFORMATION CONTACT: Jessica Tucker, Ph.D., Office of 
Medicine, Science, and Public Health, Office of the Assistant Secretary 
for Preparedness and Response, U.S. Department of Health and Human 
Services, 330 C Street, SW., Room 5008B, Washington, DC 20201; phone: 
202-260-0632; fax: 202-205-8494; e-mail address: 
asprfrcorrespondence@hhs.gov.

SUPPLEMENTARY INFORMATION:

Screening Framework Guidance for Synthetic Double-Stranded DNA 
Providers

I. Summary

    Synthetic biology, the developing interdisciplinary field that 
focuses on both the design and fabrication of novel biological 
components and systems as well as the re-design and fabrication of 
existing biological systems, is poised to become the next significant 
transforming technology for the life sciences and beyond. Synthetic 
biology is not constrained by the requirement of using existing genetic 
material. Thus, technologies that permit the directed synthesis of 
polynucleotides have great potential to be used to generate organisms, 
both currently existing and novel, including pathogens that could 
threaten public health, agriculture, plants, animals, the environment, 
or material. To reduce the risk that individuals with ill intent may 
exploit the commercial application of nucleic acid synthesis technology 
to access genetic material derived from or encoding Select Agents or 
Toxins, the U.S. Government has developed recommendations for a 
framework for synthetic nucleic acid screening. This document is 
intended to provide guidance to producers of synthetic genomic products 
regarding the screening of orders so that these orders are filled in 
compliance with current U.S. regulations and to encourage best 
practices in addressing potential biosecurity concerns.
    Following this guidance is voluntary, though many specific 
recommendations serve to remind providers of their obligations under 
existing regulations. The target audience for this guidance is the gene 
and genome synthesis industry, because the technical hurdles for de 
novo synthesis of Select Agents and Toxins from double-stranded DNA are 
much lower than for de novo synthesis of these agents from single-
stranded oligonucleotides. This guidance proposes a screening framework 
for commercial providers of synthetic double-stranded DNA 200 base 
pairs (bps) or greater in length to address concerns associated with 
the potential for misuse of their products. The framework includes 
customer screening and sequence screening, follow-up screening as 
necessary, and consultation with U.S. Government contacts, as

[[Page 62320]]

needed. Briefly, upon receiving an order for synthetic double-stranded 
DNA, the U.S. Government recommends that the provider perform customer 
screening. If the information provided by the customer raises any `red 
flags,' providers should perform follow-up screening. If no customer 
identity concerns or other `red flags' are raised in customer 
screening, sequence screening is recommended. If sequence screening 
raises any concerns, providers should pursue follow-up screening to 
clarify the end-use of the ordered sequence. If follow-up screening 
does not resolve concerns about the order or there is reason to believe 
a customer may intentionally or inadvertently violate U.S. laws, 
providers should contact designated entities within the U.S. Government 
for further information. This guidance also provides recommendations 
regarding proper records retention protocols and screening software.

II. Introduction

    Synthetic biology is distinct from traditional recombinant DNA 
technology in some key aspects: (1) It is not constrained by the 
requirement for using existing genetic material, and (2) it is an 
interdisciplinary field that includes biologists, engineers, chemists, 
and computer modelers. It is the former novel feature, along with rapid 
advances in DNA synthesis technology and the open availability of 
pathogen genome sequence data, that has raised concerns in the 
scientific community, the nucleic acid synthesis industry, the U.S. 
Government, and the general public.
    Within the U.S., microbial organisms and toxins that have been 
determined to have the potential to pose a severe threat to public 
health and safety, animal health, plant health, or animal or plant 
products are regulated through the Select Agent Regulations (SAR), 
administered by the Department of Health and Human Services/Centers for 
Disease Control and Prevention (CDC) and the U.S. Department of 
Agriculture/Animal and Plant Health Inspection Service (USDA/APHIS). 
The SAR sets forth requirements for the possession, use, and transfer 
of listed agents. Technologies that permit the directed synthesis of 
polynucleotides, which underlie synthetic biology and more specifically 
synthetic genomics, could enable individuals not authorized to possess 
Select Agents to gain access to them through their de novo synthesis. 
Such synthesis obviates the need for access to the naturally occurring 
agents or naturally occurring genetic material from these agents, 
thereby greatly expanding the potential availability of these agents.
    The National Science Advisory Board for Biosecurity (NSABB) was 
charged with identifying the potential biosecurity concerns raised by 
the ability to synthesize Select Agents and providing advice on whether 
current U.S. Government policies and regulations adequately cover the 
de novo synthesis of Select Agents. Their report entitled Addressing 
Biosecurity Concerns Related to the Synthesis of Select Agents was 
formally transmitted to the U.S. Government in March 2007. Federal 
Departments and Agencies with equities relevant to life science 
research and/or security deliberated over the NSABB recommendations and 
identified a series of relevant policy actions targeted to promote risk 
management, while seeking to minimize negative impacts upon scientific 
progress or industrial development.
    One of the formal policy actions in regard to Synthetic DNA and 
Biological Security charged Federal Departments and Agencies to 
``engage stakeholders in industry and academia to identify, evaluate 
and support the establishment of a screening infrastructure for use by 
commercial providers and users of synthetic nucleic acids.'' Toward 
this end, this document provides guidance to synthetic nucleic acid 
providers regarding a screening framework for synthetically derived 
double-stranded DNA orders that are 200 bps or greater in length. 
Specific recommendations are in bold type throughout the text.

III. Goals of Guidance

    The primary goal in developing guidance for synthetic nucleic acid 
providers is to minimize the risk that unauthorized individuals or 
individuals with malicious intent will gain access to toxins and 
organisms of concern through the use of nucleic acid synthesis 
technologies, while at the same time minimizing any negative impacts on 
the conduct of research and business operations. These guidelines were 
developed to be easily integrated within providers' existing protocols 
with minimal cost, and to be globally extensible, both for U.S.-based 
firms operating abroad and for international companies.
    Providers of synthetic nucleic acids have two overriding 
responsibilities in this context:

 Providers should know to whom they are selling a product
 Providers should know if the nature and identity of the 
product that they are selling poses a hazard to public health, 
agriculture, or security

    To help providers meet these responsibilities, this guidance 
outlines a screening framework that addresses both customer screening 
(customer identity) and sequence screening (product identity). Though 
certain guidance provided in this document is necessarily framed by 
U.S. policy and regulations, the guidelines were composed so that 
fundamental goals, provider responsibilities, and the screening 
framework could be considered for application by the international 
community. In particular, though the Select Agents and Toxins that are 
a primary focus of these guidelines may not be relevant for all 
countries, the sequence screening framework has been developed so that 
it could be applied to other categories of agents that may be relevant 
for other regions.

IV. Overall Process: Synthetic Nucleic Acid Screening Framework

    Providers should consider establishing a comprehensive and 
integrated screening framework that includes both customer screening 
and sequence screening.
     Customer Screening--The purpose of customer screening is 
to establish the legitimacy of customers ordering synthetic nucleic 
acid sequences, both at the level of the individual and the 
organization. Providers should develop customer screening mechanisms to 
verify customer identities, to identify potential `red flags,' and to 
conform to U.S. trade restrictions and export control regulations.
     Sequence Screening--The purpose of sequence screening is 
to identify when sequences of concern are ordered. Identification of a 
sequence of concern does not necessarily imply that the order itself is 
of concern. Rather, when a sequence of concern is ordered, further 
customer screening procedures should be used to determine if filling 
the order would raise cause for concern. Sequence screening is 
currently being recommended for all double-stranded DNA 200 bps or 
greater in length.
    Many customers will likely volunteer information about their 
identity or the sequence they are ordering. Providers should 
corroborate this information as part of their screening framework.
    The following overall screening methodology is recommended:
    1. Upon receiving an order for synthetic double-stranded DNA, the 
U.S. Government recommends reviewing the information provided by the 
customer to verify their identity and identify potential `red flags' 
(referred to as customer screening). If the information provided raises 
any

[[Page 62321]]

concerns, providers should ask the customer for additional information 
to clarify the customer's need for the order and its intended end-use 
(referred to as follow-up screening). Providers should also check 
customers and their affiliated organizations against lists of denied or 
blocked persons and entities maintained by the Departments of Commerce, 
State, and Treasury.
    2. If no concerns or `red flags' are raised during customer 
screening, the U.S. Government recommends screening the ordered 
sequence to identify sequences derived from or encoding Select Agents 
and Toxins \1\ (referred to as sequence screening). For international 
customers, providers should also screen the ordered sequence to 
identify sequences derived from or encoding the agents and toxins on 
the Export Administration Regulation's (EAR's) Commerce Control List 
(CCL).\2\ Scenarios of concern may include:
---------------------------------------------------------------------------

    \1\ Please see http://www.selectagents.gov to access the most 
recent Select Agents and Toxins List.
    \2\ Visit http://www.access.gpo.gov/bis/ear/ear_data.html to 
access the most recent Commerce Control List and review the Export 
Administration Regulations.
---------------------------------------------------------------------------

    a. If an ordered nucleic acid can be classified as a Select Agent 
or Toxin based on the SAR \3\ or is identified as a sequence of concern 
(defined in Section V.B.1.), additional customer verification steps 
should be performed and may in some cases be required.
---------------------------------------------------------------------------

    \3\ The CDC/APHIS national Select Agent registry Web site 
(http://www.selectagents.gov) contains a guidance document entitled 
``Applicability of the Select Agent Regulations to Issues of 
Synthetic Genomics'' to assist providers in identifying 
synthetically derived Select Agent materials that would fall under 
the current regulations. The regulation of Select Agents and Toxins 
currently includes (1) Nucleic acids that can produce infectious 
forms of any Select Agent viruses and (2) Recombinant nucleic acids 
that encode for the functional form(s) of any of the regulated 
toxins if the nucleic acids: (i) Can be expressed in vivo or in 
vitro, or (ii) Are in a vector or recombinant host genome and can be 
expressed in vivo or in vitro.
---------------------------------------------------------------------------

    b. If an ordered nucleic acid can be classified as a Select Agent 
or Toxin based on the SAR, providers must be registered under the SAR 
to possess the nucleic acid. Transfer of the material from the producer 
must be done in accordance with USDA APHIS and CDC procedures using the 
APHIS/CDC Form 2 to obtain authorization for and to document the 
transfer. Additional information on the transfer of select agents and 
toxins is available at http://www.selectagents.gov.
    c. If an order is defined as a genetic element that is listed on 
the CCL, additional restrictions or licensing requirements may exist 
for international orders.
    3. If sequence screening or customer screening raises any concerns, 
providers should pursue follow-up screening to clarify the end-use of 
the ordered sequence. The goal of follow-up screening is to assist the 
provider in determining whether to fill the order. If the provider 
encounters a scenario where they would benefit from additional 
assistance in assessing an order, the provider is encouraged to seek 
advice from the relevant U.S. Government Departments and Agencies by 
contacting the nearest FBI Field Office Weapons of Mass Destruction 
(WMD) Coordinator. The WMD Coordinator can be reached by contacting the 
local FBI Field Office and asking to be connected to the FBI WMD 
Coordinator.

V. Pertinent Screening Definitions and Details

    This section reviews pertinent definitions and provides details of 
the steps involved in the recommended screening framework. These steps 
include customer screening, sequence screening, and follow-up 
screening.

A. Customer Screening

    Customer screening encompasses two overarching responsibilities of 
providers: Customer verification and identification of any `red flags.'
1. Customer Verification
    To ensure compliance with U.S. regulations concerning exports and 
sanctioned individuals and countries, the U.S. Government recommends 
that, for every order, synthetic nucleic acid providers:
    (1) Gather the following information to verify a customer's 
identity:

 Customer's (and end-user's, if different) full name and 
contact information
 Billing address and shipping address (if not the same)
 Customer's institutional or corporate affiliation (if 
applicable)
 Name of institution's Biological Safety Officer (if 
applicable)

    (2) Screen customers against several lists of proscribed entities 
(described in Section VI).
    Lack of affiliation with an institution or firm does not 
automatically indicate that a customer's order should be denied. In 
such cases, the U.S. Government recommends conducting follow-up 
screening.
    The U.S. Government recommends that companies retain electronic 
copies of customer orders for at least eight years based on the statute 
of limitations set forth by U.S. Code Title 18 Section 3286.\4\
---------------------------------------------------------------------------

    \4\ The eight-year statute of limitations in Section 3286 
applies to the offense defined by Title 18 Section 175(b) 
(possession of biological agents with no reasonable justification).
---------------------------------------------------------------------------

    The U.S. Government recommends archiving the following information: 
Customer (and end-user, if different) information (name, organization, 
address, and phone number), order sequence information, and order 
information (date placed and shipped, shipping address, and receiver 
name).
2. `Red Flags'
    In reviewing the customer's order information, providers should 
take into account any circumstances in the proposed transaction that 
may indicate that the order may be intended for an inappropriate end-
use, end-user or destination. These are known as `red flags.'
    The following is an illustrative list of indicators that can help 
in identifying suspicious orders of synthetic double-stranded DNA:
     A customer whose identity is not clear, who appears 
evasive about their identity or affiliations, or whose information 
cannot be confirmed or verified (e.g., addresses do not match, not a 
legitimate company, no Web site, cannot be located in trade 
directories, etc.).
     A customer or intermediary agent who would not be expected 
in the course of their normal business to place such an order (e.g., no 
connection to life science research, biotechnology or requirement for 
DNA synthesis services).
     An unusually large order of DNA sequences, including 
larger than normal quantities, the same order placed several times, or 
several orders of the same sequence made in a short timeframe.
     A customer that requests unusual labeling or shipping 
procedures (e.g., requests to misidentify the goods on the packaging, 
requests to deliver to a private address, or requests to change the 
customer's name after the order is placed, but before it is shipped).
     A customer proposing an unusual method of payment (e.g., 
arranging payment in cash, personal credit card or through a non-bank 
third party) or offering to pay unusually favorable payment terms, such 
as a willingness to pay a higher than expected price.
     A customer that requests unusual confidentiality 
conditions regarding the order, particularly with respect to the final 
destination or the destruction of transaction records.

[[Page 62322]]

    If a review of customer information reveals one or more `red 
flags,' the U.S. Government recommends that providers exercise due 
diligence, inquire regarding the circumstances, and verify the end-use 
and end-user (see follow-up screening). If providers are unsure about 
whether to fill an order, they should contact the U.S. Government for 
further information.

B. Sequence Screening

    Sequence screening is intended to elicit information detailing the 
characteristics of the ordered nucleic acid sequence and to determine 
whether the customer has placed an order for a sequence of concern, 
based on the product identity. Providers should screen ordered 
sequences that are 200 bps in length or greater.
1. Identifying Sequences of Concern
    The U.S. Government recommends that nucleic acid sequences be 
screened for nucleic acids derived from or encoding Select Agents and 
Toxins and, for foreign orders, for nucleic acids derived from or 
encoding pathogens and toxins on the Commerce Control List. The U.S. 
Government chose the agents and toxins identified by HHS and USDA as 
``Select Agents and Toxins'' as the most appropriate list of agents of 
concern against which providers should screen orders since:
     The list is comprised of high consequence pathogens and 
toxins that have the potential to pose a severe threat to human, 
animal, or plant health or to animal or plant products
     Their possession, use, and transfer are managed through 
Federal regulations.
    A list of biological agents and toxins that affect humans has been 
promulgated by HHS/CDC (HHS Select Agents and Toxins, 42 CFR 73.3). A 
list of biological agents that affect animals and animal products has 
been promulgated by USDA/APHIS/Veterinary Services (USDA Select Agents 
and Toxins, 9 CFR 121.3). A list of agents that affect plants and plant 
products has been promulgated by USDA/APHIS/Plant Protection and 
Quarantine (USDA Select Agents and Toxins, 7 CFR 331.3). Additionally, 
HHS and USDA promulgated a list of ``overlap'' agents that affect both 
humans and animals (42 CFR 73.4 and 9 CFR 121.4). The Select Agent and 
Toxins lists are reviewed biennially and updated as needed to include 
additional agents or toxins that may pose a biosecurity concern. 
Therefore, for the purposes of this guidance, ``agents of concern'' are 
classified as Select Agents and Toxins, and ``sequences of concern'' 
are sequences derived from or encoding Select Agents and Toxins. For 
foreign orders, ``agents of concern'' also include pathogens and toxins 
on the EAR's CCL, and ``sequences of concerns'' includes those nucleic 
acids derived from or encoding those pathogens and toxins.\5\
---------------------------------------------------------------------------

    \5\ The EAR provisions are subject to change, as they are 
regularly updated pursuant to multilateral agreements.
---------------------------------------------------------------------------

    If a customer orders a synthetic nucleic acid that can be 
classified as a Select Agent or Toxin, the provider must abide by the 
CDC and USDA/APHIS Select Agent Regulations (42 CFR 73, 7 CFR 331, and 
9 CFR 121). The CDC/APHIS national Select Agent registry Web site 
(http://www.selectagents.gov) contains a guidance document developed by 
the national Select Agent regulatory programs to assist providers in 
identifying synthetically derived Select Agent materials that would 
fall under the current regulations. Providers of regulated nucleic 
acids must be registered with CDC or APHIS in order to synthesize these 
materials.
    The U.S. Government acknowledges that there are synthetic nucleic 
acid sequences from non-Select Agents or Toxins that may pose a 
biosecurity concern. Synthetic nucleic acid providers may choose to 
investigate such sequences as part of their best practices. However, 
due to the complexity of determining pathogenicity and because research 
in this area is ongoing, a list of additional non-Select Agent or Toxin 
sequences or organisms to screen against would not be comprehensive and 
consequently are not provided by the U.S. Government in this guidance. 
Because the CCL and the Select Agents and Toxins list are not 
identical, separate screening for those sequences on the CCL is 
recommended for international orders.
2. Technical Goals and Recommendations for Sequence Screening
    The reliable and accurate detection of synthetic nucleic acid 
sequences derived from or encoding sequences or agents of concern is 
the primary goal of sequence screening. In considering various sequence 
screening methodologies, the U.S. Government developed the following 
list of specific technical goals and recommendations for a sequence 
screening methodology:
    The U.S. Government recommends that the sequence screening method 
should identify sequences unique to Select Agents and Toxins. Many DNA 
sequences encode genes that are required to maintain normal cellular 
physiology, otherwise known as ``house-keeping genes.'' These ``house-
keeping genes'' are highly conserved between pathogenic and non-
pathogenic species. Screening methodologies that recognize highly 
conserved sequences such as ``house-keeping genes'' as positive hits 
for sequences of concern not only offer little to no biosecurity 
benefit, but may impede the screening efforts. Such methodologies would 
produce a larger number of hits adding extra burden for screeners and 
potentially resulting in actual sequences of concern being overlooked. 
Additionally, such a system may hamper scientific research by falsely 
assigning sequences from closely related microbes as sequences of 
concern.
    The U.S. Government recommends that sequence screening be performed 
for both DNA strands and the resultant polypeptides derived from 
translations using the three alternative reading frames on each DNA 
strand (or six-frame translation). Each amino acid is encoded by a 
codon, a three nucleotide sequence of DNA. The correspondence from 
codon to amino acid is not unique. A given amino acid may be encoded by 
one to six distinct codons, which means that an amino acid polypeptide 
can be encoded by many different DNA sequences. Consequently, to 
determine whether a nucleotide sequence encodes for a sequence or agent 
of concern, it is necessary to screen the six-frame translation 
polypeptides encoded by the DNA sequences in addition to the DNA 
sequences themselves.
    The U.S. Government recommends that sequence alignment methods 
should permit the detection of ``sequences of concern'' of 200 bps that 
may be hidden within larger sequence orders. Genes vary widely in 
length. If a sequence screening system assesses only the overall 
sequence length without any local checks, a sequence of concern can go 
undetected if inserted within a larger, benign sequence. The screening 
routine should be capable of local sequence alignments to ensure that 
potentially harmful sequences, embedded within larger sequences, are 
not overlooked. 200 bps is set as the limit for sequences of concern 
since synthetic nucleic acids smaller than 200 bps can be readily 
ordered as oligonucleotides, and gene synthesis companies are the 
target audience for this guidance.
3. Sequence Screening Methodology
    The U.S. Government considered two distinct screening approaches, 
one based on a curated database of known sequences of concern and 
another utilizing a method called ``Best Match.''

[[Page 62323]]

The first approach requires the creation of databases identifying 
specific features such as known pathogenic sequences, virulence 
factors, house-keeping genes, etc. While the acquisition of such 
knowledge is progressing, at this time customized database approaches 
are unable to provide a robust solution that can be implemented by DNA 
synthesis providers.
    Consequently, the U.S. Government recommends a ``Best Match'' 
approach for sequence screening. In this approach, a query sequence is 
deemed to be unique to a Select Agent or Toxin if the sequence (amino 
acid) is more closely related to a Select Agent or Toxin sequence than 
to a non-Select Agent or Toxin sequence. Sequences that are equally 
related to both a Select Agent or Toxin and a non-Select Agent or Toxin 
will not produce a sequence hit. As a result, the number of hits for 
sequences that can be obtained from non-Select Agents and Toxins will 
be reduced. To meet the goals and recommendations stated above, the 
U.S. Government recommends that each sequence be broken into a six-
frame translation of 200 bp nucleotide segments. Each resulting 66 
amino acid sequence should be compared to the GenBank protein sequence 
database using a sequence alignment tool. The ``Best Match'' is the 
sequence or sequences with the greatest percent identity over the 
entire 66 amino acid sequence. If the ``Best Match'' is to a Select 
Agent or Toxin sequence, with no equivalent hits to a non-Select Agent 
or Toxin, the order should be further investigated by the provider as a 
potential sequence hit.
    The ``Best Match'' approach is intended to minimize the number of 
sequence hits due to genes that are shared among both Select Agents or 
Toxins and non-Select Agents or Toxins. Nonetheless, some harmless 
sequences in Select Agents or Toxins or those that are routinely used 
in scientific research may result in a hit during this sequence screen.
    The U.S. Government recommends that providers develop, maintain, 
and document protocols to determine if a sequence hit qualifies as a 
true sequence of concern. Additionally, providers should keep records 
of all hits even if the order is deemed acceptable. In cases where the 
provider is unable to make the determination, advice can be sought from 
the relevant U.S. Government Departments and Agencies by contacting the 
nearest FBI Field Office Weapons of Mass Destruction Coordinator.
    The provider may deem some sequences from non-Select Agents and 
Toxins to be a biosecurity concern. The U.S. Government recommends that 
providers continue to exercise their due diligence in the investigation 
of screening hits against non-Select Agents and Toxins that may raise a 
biosecurity concern.
    These sequence screening methodology recommendations do not 
preclude the use of curated databases in addition to the ``Best Match'' 
approach. The development of such databases is encouraged as an 
additional screening tool that will improve with time as additional 
data becomes available. Providers may choose to use other screening 
approaches that they assess to be equivalent or superior to the ``Best 
Match'' approach. The U.S. Government recommends that providers 
develop, maintain, and document their sequence screening protocol 
within company records.
    The U.S. Government recognizes that continued research and 
development may lead to new and improved screening methodologies. As 
new methods are developed, U.S. guidance may change accordingly.

C. Follow-Up Screening

    Follow-up screening may be warranted if customer screening reveals 
any `red flags' or sequence screening results in a hit. In any case 
where there are abnormal circumstances surrounding the order or the 
customer has ordered a sequence of concern, the U.S. Government 
recommends that providers ask for information regarding the customer's 
proposed end-use of the order to help assess their need and the 
scientific legitimacy of their work. Sample end-uses of ordered 
synthetic nucleic acids could include, but are not limited to:

 Identification of pathogenicity genes via marker-deletion 
mutagenesis
 Training for threat agent detection
 Production of organism for experimental research studies

    If the customer is associated with an institution or firm, 
providers should also contact the customer's biological safety officer, 
supervisor, lab director or director of research in order to verify the 
customer's identity and need. If the customer is not affiliated with an 
institution or firm, providers should also conduct a literature review 
of the customer's past research to verify his or her identity and need.

VI. Recommended Processes for Domestic and International Orders

    This section outlines recommendations for specific screening 
processes for orders from domestic and international customers. The 
customer screening, sequence screening, and follow-up screening 
protocols that are referenced in this section are defined and described 
in Section V. Most of the information provided in this section serves 
as a reminder to providers to ensure they are meeting their legal 
obligations not to conduct unapproved business transactions with 
certain proscribed entities.

A. Domestic Orders

    Once a domestic customer order is received, the provider should 
conduct customer screening.
    In addition to verifying the customer identity and identifying any 
`red flags,' providers should be aware of regulatory and statutory 
prohibitions for U.S. persons from dealing with certain foreign 
persons, entities and companies. In order to avoid violating U.S. law, 
providers are encouraged to check the individual placing the order and 
the individual's affiliated institution (when applicable) against 
several lists of proscribed entities before filling each order, 
including the:
     Department of Treasury Office of Foreign Assets Control 
(OFAC) list of Specially Designated Nationals and Blocked Persons (SDN 
List).
     Department of State list of persons engaged in 
proliferation activities.
     Department of Commerce Denied Persons List (DPL).
    According to U.S. regulations, no U.S. persons or entities may 
conduct business transactions with individuals or entities on the SDN 
List without a license from OFAC. This list is maintained by OFAC. OFAC 
only provides a license to deal with individuals on the SDN List in 
extremely limited circumstances.\6\
---------------------------------------------------------------------------

    \6\ Additional information, including the SDN List, is available 
at: http://www.treas.gov/offices/enforcement/ofac/sdn/.
---------------------------------------------------------------------------

    According to U.S. regulations, no U.S. persons or entities may 
conduct business transactions with individuals sanctioned by the 
Department of State for engaging in proliferation activities.\7\
---------------------------------------------------------------------------

    \7\ Announcements of such sanctions determinations are printed 
in the Federal Register and are maintained on the Department of 
State's Web site (http://www.state.gov/t/isn/c15231.htm).
---------------------------------------------------------------------------

    Additionally, the U.S. Government recommends that providers screen 
customers against the DPL for domestic orders. This list includes those 
firms and individuals whose export privileges have been denied. While 
the Department of Commerce only regulates exports and therefore does 
not require that companies screen their domestic customers against the 
list, it recommends that they do so, to avoid

[[Page 62324]]

unwittingly passing on sensitive technology or materials to U.S. 
residents known to be involved in proliferation activities.\2\
    Because the updated lists are available online, providers should 
ensure they are using the most recently updated lists when screening 
customers against these lists.
    If no concerns are raised after consulting these lists, the 
provider should proceed to sequence screening. If a sequence of concern 
is identified, providers should conduct follow-up screening. If there 
are concerns after consulting these lists, providers should consider 
seeking assistance from the U.S. Government as outlined in Section VII.

B. Foreign Orders

    Once an order from a foreign customer is received, the provider 
should conduct customer screening.
    In addition to complying with the rules described for domestic 
orders, all providers who export products from the United States to 
international customers must comply with the U.S. export laws, 
including the International Emergency Economic Powers Act,\8\ the 
Trading with the Enemy Act,\9\ and any implementing U.S. Government 
regulations or Presidential Executive orders. Certain transactions with 
sanctioned countries may be permitted but may require a license from 
OFAC and/or the Department of Commerce's Bureau of Industry and 
Security (BIS). Most transactions involving Cuba, Iran, and Sudan are 
prohibited. In order to comply with the U.S. export laws and 
regulations, providers must first determine whether a given transaction 
with a sanctioned country is permitted, and, if not permitted, obtain 
any appropriate export licenses or other U.S. Government permissions 
prior to exporting any product to sanctioned countries.
---------------------------------------------------------------------------

    \8\ Visit http://www.treas.gov/offices/enforcement/ofac/legal/statutes/ieepa.pdf for additional information.
    \9\ Visit http://www.treas.gov/offices/enforcement/ofac/legal/statutes/twea.pdf for additional information.
---------------------------------------------------------------------------

    According to U.S. regulations, no U.S. persons or entities may 
conduct transactions with individuals or entities on the SDN List 
without a license from OFAC. This list is maintained by OFAC. OFAC only 
provides a license to deal with individuals on the SDN List in 
extremely limited circumstances.\6\
    According to U.S. regulations, no U.S. persons or entities may 
conduct business transactions with individuals sanctioned by the 
Department of State for engaging in proliferation activities.\7\
    If no concerns are identified during customer screening or the 
checks against the lists delineated above, the provider should perform 
sequence screening. In addition to performing sequence screening for 
Select Agents and Toxins, providers are also encouraged to perform 
sequence screening of orders from foreign customers to determine 
whether they are governed by the EAR. As a member of the Australia 
Group, the United States requires exporters through the EAR to obtain 
export licenses for exports of reading-frame length nucleic acid 
sequences from pathogens listed under Export Control Classification 
Numbers (ECCNs) 1C351, 1C352, 1C353, and 1C354. The EAR also requires 
exporters to obtain licenses for exports of reading-frame length 
nucleic acid sequences from pathogens on the Select Agent list not 
listed elsewhere on the CCL (ECCN 1C360). The EAR requirements 
specifically apply to genetic elements that encode toxins or sub-units 
of controlled toxins or genetic elements associated with pathogenicity 
of controlled microorganisms. Because the EAR's CCL and the Select 
Agents and Toxins list are not identical, separate screening for those 
sequences on the CCL is necessary for international orders. The U.S. 
Government recommends that in addition to screening for Select Agents 
and Toxins, providers use a ``Best Match'' approach to identify 
pathogens and toxins on the CCL when an order is placed by an 
international customer. If the ordered synthetic nucleic acid is 
controlled under ECCN 1C353 and is capable of encoding a protein, an 
export license is necessary for all international orders, according to 
the EAR.\2\
    Even for exported items that do not have a specific entry on the 
CCL and are considered under EAR 99 (for which a license is not 
required to most destinations), certain individuals and organizations 
are prohibited from receiving U.S. exports and others may only receive 
goods if they have been licensed. As a result, before filling an 
international order for any synthetic nucleic acid that cannot be 
classified under an ECCN, providers must consult several lists of such 
individuals and organizations according to the EAR. If the customer 
appears on any of these lists, additional action is required and an 
export license may be necessary, depending on the list.\10\ These lists 
include the DPL, the Entity List (EL), and the Unverified List (UL).
---------------------------------------------------------------------------

    \10\ A general review of export control basics is available at 
http://www.bis.doc.gov/licensing/exportingbasics.htm.
---------------------------------------------------------------------------

    In addition to the SDN List and proliferation sanctions 
notifications, providers must not conduct business with persons and 
entities on the DPL based on the EAR.\2\ The DPL includes parties that 
have been denied export and reexport privileges.
    In accordance with the EAR, exports to persons or entities on the 
EL require an export license.\2\ The EL contains a list of names of 
certain foreign persons--including businesses, research institutions, 
government and private organizations, individuals, and other types of 
legal persons--that are subject to specific license requirements for 
the export, reexport and/or transfer (in-country) of specified items. 
On an individual basis, the persons on the EL are subject to licensing 
requirements and policies supplemental to those found elsewhere in the 
EAR.
    The presence of a party on the UL in a transaction is a ``red 
flag'' that should be resolved before proceeding with the 
transaction.\2\ The UL includes names and countries of foreign persons 
who in the past were parties to a transaction with respect to which BIS 
could not conduct a pre-license check (PLC) or a post-shipment 
verification (PSV) for reasons outside of the U.S. Government's 
control. Additional ``red flags'' can be found in Supplement No. 3 to 
Part 732 of the EAR.
    To avoid violating U.S. laws and regulations, providers should 
consult these lists whenever an international customer places an order. 
Because the updated lists are available online, providers should ensure 
they are using the most recently updated lists when screening customers 
against these lists. The U.S. Government recommends that the provider 
check the individual placing the order and the individual's affiliated 
institution (when applicable) against these lists.
    Additionally, U.S. persons or entities may not export, reexport, or 
transfer (in-country) an item subject to the EAR without a license if, 
at the time of export, reexport, or transfer (in-country) the exporter 
knows that the item will be used in the design, development, 
production, stockpiling, or use of biological weapons in or by any 
country or destination, worldwide.
    If any of these checks reveals cause for concern, the provider 
should proceed according to the details provided in Section VII. 
Additionally, if a sequence of concern is identified after sequence 
screening, follow-up screening should occur.
    If an order involves an export, according to the EAR, both the 
provider

[[Page 62325]]

and customer are required to maintain documentary evidence of the 
transaction and are prohibited from misrepresenting or concealing 
material facts in licensing processes and all export control 
documents.\2\

VII. Contacting the U.S. Government

    In cases where follow-up screening cannot resolve an issue raised 
by either customer screening or sequence screening, the U.S. Government 
recommends that providers contact one of the following agencies for 
further information:

Federal Bureau of Investigation (FBI)

    If an order turns up `red flags' or includes a sequence of concern 
and follow-up screening does not sufficiently clarify the customer's 
identity and the order's intended end-use, providers should contact the 
Weapons of Mass Destruction (WMD) Coordinator at their nearest FBI 
Field Office. Providers should also contact the WMD Coordinator if the 
follow-up screening reveals that the customer has no legitimate need 
for the order.

CDC and APHIS Select Agent Regulatory Programs (Select Agent Programs)

    If necessary, the CDC and APHIS Select Agent regulatory programs 
can be contacted through the national Select Agent Web site (http://www.selectagents.gov). The CDC program can be contacted directly via e-
mail at lrsat@cdc.gov or by fax at 404-718-2096. The APHIS program can 
be contacted directly via e-mail at 
Agricultural.Select.Agent.Program@aphis.usda.gov or by fax at 301-734-
3652.

Department of Commerce

    If sequence screening reveals that an order from an international 
customer contains a Select Agent or sequence of concern, providers 
should contact the nearest field office of the Department of Commerce's 
Office of Export Enforcement. Providers should also contact the Office 
of Export Enforcement if they receive an international order from a 
country currently subject to a U.S. trade embargo or a customer that is 
on one of the proscribed lists described in Section VI. The Department 
of Commerce will contact other U.S. Government agencies as necessary. 
The supervisory office is in Washington, DC and the phone number is 
202-482-1208. Locations and contact information for all field offices 
are available at http://www.bis.doc.gov/about/programoffices.htm. 
Assistance from an export counselor at the Department of Commerce is 
available by calling 202-482-4811.

Scenarios

    If providers encounter one of the following scenarios and are 
unable to resolve issues raised by customer screening or sequence 
screening, they can contact one of the following U.S. Government 
agencies for assistance, using the contact information provided above:
    1. Provider receives double-stranded synthetic DNA order and a 
customer flag (suspicious customer) is identified in customer 
screening. Recommend the provider contact the nearest FBI Field Office 
WMD Coordinator. FBI contacts other Departments and Agencies, as 
appropriate.
    2. Provider receives a double-stranded synthetic DNA order that is 
for a Select Agent or Toxin. Provider should refer to the Select Agent 
Regulations and follow necessary protocols. If necessary, the provider 
should contact the appropriate Select Agent Program (CDC or USDA/
APHIS).
    a. CDC or APHIS may contact FBIHQ as appropriate.
    3. Provider receives a double-stranded DNA order that incorporates 
a sequence of concern; follow-up screening reveals no legitimate 
purpose \11\ for order or research requirement. Provider contacts the 
FBI WMD Coordinator. FBI contacts the CDC or APHIS as appropriate.
---------------------------------------------------------------------------

    \11\ 18 U.S.C. 175(b) defines criminal prohibitions with respect 
to biological weapons as ``Whoever knowingly possesses any 
biological agent, toxin, or delivery system of a type or in a 
quantity that, under the circumstances, is not reasonably justified 
by a prophylactic, protective, bona fide research, or other peaceful 
purpose, shall be fined under this title, imprisoned not more than 
10 years, or both.''
---------------------------------------------------------------------------

    4. Provider receives an international double-stranded DNA order 
incorporating a Select Agent or Toxin or a sequence of concern and DOC 
denies the export license. DOC contacts the FBI as appropriate.
    5. Provider receives a double-stranded DNA order from a customer 
that is listed on one or more restricted lists, which prohibits the 
fulfillment of the order. Provider contacts the FBI WMD Coordinator. 
FBI contacts DOC as appropriate.

VIII. Customer and Sequence Screening Software and Expertise

    There are a variety software packages that can assist with the 
verification of customers and screening against the necessary lists of 
proscribed entities. Providers should be aware that commercially 
available software packages may not necessarily address all aspects of 
customer screening recommended by the U.S. Government.
    In addition to a sequence database and screening method, 
appropriate sequence screening software must be selected by synthetic 
nucleic acid providers. The U.S. Government recommends that synthetic 
nucleic acid providers select a sequence screening software tool that 
utilizes both a global and local sequence alignment technique; the most 
popular algorithm that meets both requirements is the BLAST search 
tool. BLAST is available for download for free at the NCBI site. 
Similar tools are also freely or commercially available, or could be 
designed by the provider to meet their sequence screening needs. By 
utilizing such a tool, similarity over the length of the sequence being 
screened and the identification of regions that are similar within 
longer segments that are not alike are both encompassed in the sequence 
screening approach. Specific criteria for the statistical significance 
of the hit (BLAST's e-values) or percent identity values will not be 
recommended because these details depend on the specific screening 
protocol. By utilizing the ``Best Match'' approach, the sequence with 
the greatest percent identity over the entire 66 amino acid sequence 
should be considered the ``Best Match,'' regardless of the statistical 
significance or percent identity.
    The U.S. Government recommends that synthetic nucleic acid 
providers have the necessary expertise in-house to perform the sequence 
screenings, analyze the results and conduct the appropriate follow-up 
research to evaluate the significance of dubious sequence matches. Such 
follow-up research could include comparing the ordered sequence to 
information found in the published literature about Select Agents and 
Toxins or with information found in other databases of Select Agents 
and Toxins.
    The U.S. Government recognizes that continued research and 
development on new and improved bioinformatics tools is desirable. As 
new methods are developed, U.S. guidance may change accordingly.

IX. Records Retention

    The U.S. Government recommends that companies retain electronic 
copies of customer orders for at least eight years based on statutory 
limitations set forth by U.S. Code of Federal Crimes and Procedures, 
Title 18 Section 3286.\4\
    The U.S. Government recommends archiving the following information: 
Customer (and end-user, if different) information (name, organization, 
address, and phone number), order sequence information, and order

[[Page 62326]]

information (date placed and shipped, shipping address, and receiver 
name).
    The U.S. Government recommends that providers develop, maintain, 
and document their sequence screening protocol within company records.
    The U.S. Government recommends that providers develop, maintain, 
and document protocols to determine if a sequence hit qualifies as a 
true sequence of concern.
    The U.S. Government recommends that providers keep records of any 
follow-up screening, even if the order was ultimately filled.
    If an order involves an export, according to the EAR, both the 
provider and customer are required to maintain documentary evidence of 
the transaction and are prohibited from misrepresenting or concealing 
material facts in licensing process and all export control 
documents.\2\

X. Appendix to Screening Framework Guidance for Synthetic Double-
Stranded DNA Providers

Summary of Recommendations

    The field of synthetic genomics is evolving rapidly. This document 
is intended to provide guidance to producers of synthetic genomic 
products regarding the screening of orders to ensure that these orders 
are filled in compliance with current U.S. regulations and encourage 
best practices in addressing any potential biosecurity concerns. The 
U.S. Government recommends that all orders for synthetic double-
stranded DNA 200 base pairs (bps) in length or greater be subject to a 
screening framework that incorporates both sequence screening and 
customer screening.

Customer Screening

    The U.S. Government recommends that, for every order, synthetic 
nucleic acid providers:
    (1) Gather the following information to verify a customer's 
identity:
     Customer's (and end-user's, if different) full name and 
contact information
     Billing address and shipping address (if not the same)
     Customer's institutional or corporate affiliation (if 
applicable)
     Name of institution's Biological Safety Officer (if 
applicable)
    (2) Screen customers against several lists of proscribed entities 
(described under the Domestic Orders and Foreign Orders sections).
    In cases where the customer is not affiliated with an institution 
or firm, the U.S. Government recommends that the provider conduct 
follow-up screening.
    If a review of customer information reveals one or more `red 
flags,' the U.S. Government recommends that providers exercise due 
diligence, inquire regarding the circumstances, and verify the end-use 
and end-user (see the Follow-Up Screening section).

Sequence Screening

    The U.S. Government recommends that:
     Nucleic acid sequences be screened using a ``Best Match'' 
approach to identify nucleic acids that are unique to Select Agents and 
Toxins.
     For foreign orders, nucleic acids be screened using a 
``Best Match'' approach to identify nucleic acids that are unique to 
pathogens and toxins on the Commerce Control List.
     Sequence screening be performed for both DNA strands and 
the resultant polypeptides derived from translations using the three 
alternative reading frames on each DNA strand (or six-frame 
translation).
     Sequence alignment methods should permit the detection of 
hidden ``sequences of concern'' as small as 200 bps.
    If a customer orders a synthetic nucleic acid that can be 
classified as a Select Agent or Toxin, the provider should consult and 
must abide by the CDC and USDA/APHIS Select Agent Regulations (42 CFR 
73, 7 CFR 331, and 9 CFR 121). In order to produce a regulated Select 
Agent or Toxin nucleic acid, the producer must be registered with CDC 
or USDA/APHIS.\12\
---------------------------------------------------------------------------

    \12\ Additional information regarding the CDC and USDA/APHIS 
Select Agent Regulations is available at http://www.selectagents.gov.
---------------------------------------------------------------------------

    The U.S. Government recommends that providers continue to exercise 
their due diligence in the investigation of screening hits against non-
Select Agents and Toxins that may raise a biosecurity concern.

Follow-up Screening

    When customer screening reveals any `red flags' or sequence 
screening identifies a sequence of concern, the U.S. Government 
recommends that providers ask for information regarding the customer's 
proposed end-use of the order to assess their need and the scientific 
legitimacy of their work. If the customer is associated with an 
institution or firm, providers should also contact the customer's 
biological safety officer, supervisor, lab director or director of 
research to verify their identity and need. If the customer is not 
affiliated with an institution or firm, providers should also conduct a 
literature review of the customer's past research to verify his or her 
identity and need.

Domestic Orders

    The U.S. Government reminds providers of the following:
     According to U.S. regulations, no U.S. persons or entities 
may conduct transactions with individuals or entities on the list of 
Specially Designated Nationals and Blocked Persons (SDN List) without a 
license from the Department of the Treasury Office of Foreign Assets 
Control (OFAC).\13\
---------------------------------------------------------------------------

    \13\ Additional information, including the SDN List, is 
available at: http://www.treas.gov/offices/enforcement/ofac/sdn/.
---------------------------------------------------------------------------

     According to U.S. regulations, no U.S. persons or entities 
may conduct business transactions with individuals sanctioned by the 
Department of State for engaging in proliferation activities.\14\
---------------------------------------------------------------------------

    \14\ Announcements of such sanctions determinations are printed 
in the Federal Register and are maintained on the Department of 
State's Web site (http://www.state.gov/t/isn/c15231.htm).
---------------------------------------------------------------------------

    The U.S. Government recommends that providers check domestic 
customers against the most recent Department of Commerce Denied Persons 
List (DPL).\15\
---------------------------------------------------------------------------

    \15\ Visit http://www.access.gpo.gov/bis/ear/ear_data.html to 
access the most recent Commerce Control List and review the Export 
Administration Regulations.
---------------------------------------------------------------------------

    In order to avoid violating U.S. law, providers are encouraged to 
check the individual placing the order and the individual's affiliated 
institution (when applicable) against the most recent versions of these 
lists of proscribed entities before filling each order.

Foreign Orders

    The U.S. Government reminds providers of the following:
     All providers who export products from the United States 
to international customers must comply with the U.S. export laws, 
including the International Emergency Economic Powers Act (IEEPA),\16\ 
the Trading with the Enemy Act,\17\ and any implementing U.S. 
Government regulations or Presidential Executive Orders. Certain 
transactions with sanctioned countries may be permitted, but most 
require a license from OFAC and/or the Department of Commerce's Bureau 
of Industry and Security (BIS). Most transactions involving Cuba, Iran, 
and Sudan are prohibited. In order to comply with the U.S. export laws 
and regulations, providers must first determine whether a given 
transaction with a sanctioned

[[Page 62327]]

country is permitted, and, if not permitted, obtain any appropriate 
export licenses or other U.S. government permissions prior to exporting 
any product to sanctioned countries.
---------------------------------------------------------------------------

    \16\ Visit http://www.treas.gov/offices/enforcement/ofac/legal/statutes/ieepa.pdf for additional information.
    \17\ Visit http://www.treas.gov/offices/enforcement/ofac/legal/statutes/twea.pdf for additional information.
---------------------------------------------------------------------------

     According to U.S. regulations, no U.S. persons or entities 
may conduct business transactions with individuals and entities on the 
SDN List without a license from OFAC.\13\
     According to U.S. regulations, no U.S. persons or entities 
may conduct business transactions with individuals sanctioned by the 
Department of State for engaging in proliferation activities.\14\
     The Export Administration Regulations (EAR) require that 
providers have an export license from BIS prior to exporting a 
synthetic nucleic acid that is controlled by an Export Control 
Classification Number (ECCN) and is capable of encoding a protein.\15\
     U.S. persons or entities may not export, reexport, or 
transfer (in-country) an item subject to the EAR without a license if, 
at the time of export, reexport, or transfer (in-country) the exporter 
knows that the item will be used in the design, development, 
production, stockpiling, or use of biological weapons in or by any 
country or destination, worldwide.\15\
     In accordance with the EAR, providers must not conduct 
business with persons and entities on the DPL.\15\
     In accordance with the EAR, exports to persons or entities 
on the Entity List are subject to licensing requirements and policies 
in addition to those elsewhere in the EAR.\15\
     The presence of a party on the UL in a transaction is a 
``red flag'' that should be resolved before proceeding with the 
transaction.\15\
    In order to avoid violating U.S. laws and regulations, providers 
are encouraged to check the individual placing the order and the 
individual's affiliated institution (when applicable) against the most 
recent versions of these lists of proscribed entities before filling 
each order.
    The U.S. Government recommends that providers utilize a ``Best 
Match'' approach to identify sequences of pathogens and toxins on the 
Commerce Control List for international orders. This screen is in 
addition to the ``Best Match'' sequence screen for Select Agent and 
Toxin sequences.

Contacting the U.S. Government

    In cases where follow-up screening cannot resolve concerns raised 
by customer screening or sequence screening, or when providers are 
otherwise unsure about whether to fill an order, the U.S. Government 
recommends that providers contact relevant agencies as described in 
Section VII of ``Screening Framework Guidance for Synthetic Nucleic 
Acid Providers.''

Customer and Sequence Screening Software and Expertise

    Providers should be aware that commercially available customer 
screening software packages may not necessarily address all aspects of 
customer screening recommended by the U.S. Government.
    The U.S. Government recommends that:
     Synthetic nucleic acid providers select a sequence 
screening software tool that utilizes both a global and local sequence 
alignment technique.
     Synthetic nucleic acid providers have the necessary 
expertise in-house to perform the sequence screenings, analyze the 
results, and conduct the appropriate follow-up research to evaluate the 
significance of dubious sequence matches.

Records Retention

    The U.S. Government recommends that:
     Companies retain electronic copies of customer orders for 
at least eight years based on the statute of limitations set forth by 
U.S. Code Title 18 Section 3286.\18\ The following information should 
be archived: Customer (and end-user, if different) information (name, 
organization, address, and phone number), order sequence information, 
and order information (date placed and shipped, shipping address, and 
receiver name).
---------------------------------------------------------------------------

    \18\ Section 3286 specifies that no person shall be prosecuted, 
tried, or punished for any noncapital offense involving certain 
violations unless the indictment is found or the information is 
instituted within 8 years after the offense was committed. This 
statute of limitations applies to Title 18 Section 175(b) 
(possession of biological agents with no reasonable justification).
---------------------------------------------------------------------------

     Providers develop, maintain, and document their sequence 
screening protocols within company records.
     Providers develop, maintain, and document protocols to 
determine if a sequence hit qualifies as a true sequence of concern.
     Providers keep records of hits that required follow-up 
screening, even if the order was ultimately filled.
    If an order involves an export, according to the EAR, both the 
provider and customer are required to maintain documentary evidence of 
the transaction and are prohibited from misrepresenting or concealing 
material facts in licensing processes and all export control 
documents.\15\

    Dated: November 19, 2009.
Nicole Lurie,
Assistant Secretary for Preparedness and Response.
[FR Doc. E9-28328 Filed 11-25-09; 8:45 am]
BILLING CODE 4150-37-P